I think that, at least for b2b software, there's a lack of appreciation here for the role compliance plays. The author cites both Google's and Microsoft's office tools, but they really suck. My fiancee has to use Microsoft, and now I do too; no one likes them! Their janky online office actually deletes text as I type!
However, I know that the only reason my company is using it is because it makes compliance really easy, and they just don't have the bandwidth to take on more. This is further complicated by Microsoft's, let's say, not great security record, which indicates that security compliance is really more of a box checking activity than anything else.
This is where Europe could come in. By lowering the barrier or, even better, coming up with requirements that required something closer to real security, you could seriously challenge these US companies.
> coming up with requirements that required something closer to real security
Being in security for years now, I'm not sure that's possible. At the end of the day real security is a massive onion with lots of layers. Most of the time I'm dealing with crappy security consultants I would not say their recommendations are made up whole cloth. I would say misapplication of requirements from different security contexts is one of the most common problems, and after that examining shallow issues for checkboxes rather than fundamental issues of applications.
> security compliance
I think there was a one-two punch that sort of destroyed common sense.
First the rise of cloud computing where some data went remote.
Then the pandemic where people were remote too.
And I think most corporations sort of GAVE UP. Now everything including employee lists, business strategy, code, internal documents, chat sessions, email, meetings... it's all just out there.
> security compliance is really more of a box checking activity than anything else.
Yup. Same at my job, new FIPS requirements. Current functional hardware is now e-waste because not compliant. And, of course, the few vendors who do support FIPS are the usual incumbents like MS and Cisco. So buy new Dell hardware with TPMs, Cisco switches, Windows 11 and server 2025. Forced obsolescence and waste stream for check boxes.
I’d be very curious as to what you’re doing with your old hardware. My homelab is always eager to grow
A lot of companies worried about things at this level grind their machines into small bits after finding out potential leaks of information were occurring on things like NVRAM on devices.
What an absolute shame
agree with Svilen_Dobrev, that this could be solved by making certain types of software public infrastructure.
The article says that the main conflict is part one of the OSS license, "The license shall not restrict any party from selling or giving away the software as a component… [and] shall not require a royalty or other fee for such sale." Which makes it very hard to sell OSS software (read the article for nuance).
Business cannot do this because the business needs to capture the value (i.e. through sales) in order to fund creating the value (the software).
A government, however, would not have this restriction, because they don't need to sell it to capture the value the software creates.
This is, in fact, what government is best at doing and where business fails. Business is great when value capture is linked with value creation, think hamburger stand (the value is the burger, and the customer trades money for burger).
Government is optimized for when value creation is separate from value capture. Svilen mentions roads. The burger stand couldn't create or sell the burger without roads to freight in raw materials and customers, but only a fraction of the value of the road network is in the burger. Because the road also supplies value to a number of other enterprises.
So the best way to capture the value of the road is via a similarly diffusive system, i.e. a tax. Government.
And for certain fundamental types of software systems, i.e. web browsers, search engines, messaging services, perhaps a government can build them better than a company. Certainly the economic incentives align better.
OSS externalizes costs; it's people working for free for whatever reasons motivate them at the time.
OSS provides value (let's say, large) uncorrelated to a large extent with those externalized costs (often almost zero). The multiple is enormous.
Commercial software companies capture that value, because they can; they're not stupid.
But, Commercial software companies also create an undeniable value above the captured value - they provide support, security, documentation, even familiarity, a "throat to choke", etc. The captured value, often at zero initial cost, is the margin.
There is no change that can be made to any OSS license that will change that dynamic. Unless it's not OSS anymore.
Governments can do very little; most OSS developers, as cost, will not work, for free, for a government. Maybe the patriots will, but not many others - so that idea will go nowhere unless the developers are government employees. That has its own issues, not all of which are necessarily bad.
Government sponsored software infrastructure will probably not be as good as the OSS projects, or the Commercial products we use today. That's certainly not a given, but overlay it all with leadership, administration and bureaucracy, and you're probably on a hiding to nothing. Governments have little vision beyond the next election cycle.
Software isn't the same as roads. A citizen knows what a road is; they see it, they use it directly, and also see its obvious value for many other purposes - they intuitively understand why they're paying, and for what they're paying. A citizen doesn't easily see the value of some OSS project embedded in the operations of their government - they see the chair and couldn't care less about the lumber. (I'll grant that taxes paid to a general fund might work.)
That's also often the view of people and organizations that buy commercial products based on OSS software. They care about the chair, not the tree, or the process that turned the tree into the chair.
OSS should, and probably will, always exist. People like doing things. It gives them pleasure. But, we can't really mix the open with the closed by screwing around with licenses. It's open or it's closed.
I do like the thrust of this article - it is the sort of principle-based reasoning that I can get behind. Like all principle-based reasoning, it is for the small number of people organising for change. Most humans (including most politicians and administrators) aren't principles-based and, indeed, are almost always in a state of causing problems by acting randomly based on short-term incentives.
The real issue in the EU is not that they don't understand the problems in outcome, but that in the US people can get rich by selling software products (particularly SaaS & advertising) and people in the EU cannot. Therefore, the US has a huge structural advantage because they control everything. We know they have the people - Torvalds and Sergey Brin spring to mind. Big European success stories, except for the fact that they aren't really European any more.
One regret I have is not starting a "software importing" company.
Just take a bunch of open-source code and then "re-sell" it with a US HQ. Solves a lot of government compliance problems and I can use my 100% profit margin to actually do security testing on the packages.
> But the best end-user software — the kind for non-technical people — is… sadly… not open-source.
Not open source yet. I firmly believe (and we have lived experientially in the last several decades) that all software will eventually be supplanted by an open source solution that becomes the industry standard.
A better analogy would be man-hours as lumber, OS and browsers as buildings, IDEs as factories, forges or shipyards and finally end-user software as furniture and the like.
As for overcoming the tension between user autonomy and developer compensation, my hope is that evolving decentralized platforms and AI tools will bring about a time when all users can collaborate in the creation and maintenance of most software they are using.
I prefer to think of it as (public) infrastructure - like roads, for cars/buses/trucks or trains, including (to some extent) the cars themselves. Roads also decay - themselves or their supporting (eco)system shifts under them, be it dirt or water or tree-roots. And are public property, because it has been deemed useful for the society to invest in them and let them be accessible and usable for free.
One may say that it is only the hardware (bare metal), or hardware plus virtualisation (IaC).. or even include OS in it.. but that would be up to road. You can walk on road - as end-user of that alone. Most people - end-users - would use a bus. Or train. Which is end-user software.
If the human society has entered the Information age, then these things that allow information to flow and to be entered or consumed, should become part of the society-funded infrastructure. Kind-a information (hardware+software)-tax, yes. With proper rules to spend that on proper topics.
Having roads is deemed strategic. Having communication-channels as well. So.. having information-level-fabric is too, no?
Edit: just saw this tangentially related: UN+OSI https://unite.un.org/news/osi-first-endorse-united-nations-o... https://news.ycombinator.com/item?id=43340682
> my hope is that evolving decentralized platforms and AI tools will bring about a time when all users can collaborate in the creation and maintenance of most software they are using.
How would this happen without AGPL licenses exactly?
The US can stop enforcing IP law, which I don’t think has a sound ethical justification in the first place. Ideas and code can’t be “stolen” like physical property. Using copyright law to oppose copyright is a practical tactic, but I wouldn’t say consistently principled.
Software does not decay, it bloats. The fact that more and more layers of abstraction are now required to be taped over code to get meaningful output is the core issue.
Lumber? Like.... Lumber?
Lumber is organically grown without tending or supervision, fits a generally homogeneous form factor, processed with a small number of tools to produce near-identical mass produced products.
But the essence of the argument is there. Government should be funding open source as necessary infrastructure like roads and bridges.
But not just that. Funding open source is necessary for national defense.
There are hundreds of billions of dollars in budgets out there that should be sent to funding open source developers.
All the tech heads at the inauguration, from the bald ones to the Tim Cooks and Sundar Pichais, participated under the assumption that it would preserve their piece of the pie. Independence, sovereignty, and self-sustainability are going to be big driving factors for how people build for the future now.
Not sure why you are being downmodded. The abrupt about-face of Facebook and Amazon/WaPo (and probably Apple, but I haven't seen any evidence there), and even the change in Musk over the last 10 years, shows one of a few realities:
1. Tech CEOs, probably like other CEOs, are easily bought.
2. Tech CEOs are terrified of retributive and/or deserved antitrust action and/or regulation changes from Trump.
3. Tech CEOs never really were the progressive allies of the Left, but needed Trump to make it safe for them to drop the mask.
The likely reality is a combination of all three.
The election of Donald Trump shows that the world needs to become independent from the U.S.
This is a video about Digital Sovereignty in Europe:
https://www.youtube.com/watch?v=uWS8J2Zs7KQ
Posted on an American video sharing site…
If this is something you truly believe in, lead by example.
Posted on an international video sharing site, with global teams.
But don't worry, the decoupling is happening.
Which platform do you recommend?